Clues in History
- Cyber Catamounts
- Oct 9, 2020
Briefing:
Clues about our ancestry, the early stages of earth, and even extinct animals can be found all around us if we know where to look and how to recognize them. Just like these clues, it's up to you, agent, to find and recognize the clue in this document. We got our hands on this document when an agent of ours was helping a teacher grade assignments for a world *history* class and noticed something extremely dangerous. When the teacher emailed the assignment Google Docs to the agent, there was something that the agent found suspicious right away. It seemed like there was a coded message in the document that the hacker wanted the teacher to find so that they could hack into the teacher’s computer. Help us find and decode the hidden message so that the teacher’s cybersecurity doesn’t get compromised.
Solving the Problem:
Step-by-step analysis (jump to the end for TL;DR):
Upon opening the Google document, we’re immediately greeted with a bunch of memes, along with a message telling us to look “somewhere else”. As we scroll down, we also see some study notes. Apparently, this Google Doc is just someone’s world history notes. Or is it?
Let’s probe around:
Unfortunately, those didn’t work. All we got was a fake flag:

Why bother trying, then? Well, it’s one of those things you should try first, just in case it worked. Binary? The strings command. JPEG image or WAV audio? Steghide. Files in general? Binwalk. Hotel? ...Okay, you get the idea.
If it worked, congratulations, you’ve hit the jackpot (AKA a really straightforward challenge). If not, it’s still worth trying out, since it only takes seconds. You might even get a hint that points to the real solution!
Anyway, we just hit a dead end, so it’s time to take a step back and look at what we already know, which brings us to...
Tip #3: double-check the briefing and the title. (CTF creators like to hide hints there!)
As you might have already noticed, we emphasized the word “history” a lot.

We even emphasized it with bold fonts. Not suspicious at all, huh?

That’s right, it’s called world history notes for a reason, and we’re in a Google Doc for a reason...

(Alternatively, go to File > Version history > See version history.)
Nothing interesting in the comment history, but we’ll find our flag in an earlier version called Hidden History:

(At this point, the word “history” is starting to lose meaning, no? Classic case of semantic satiation.)
TL;DR: See version history. (It’s world history notes, after all.)